DETAILED ACTION

Response to Arguments 

1. Applicant's arguments filed 02 June 2005 have been fully considered but they are not 
persuasive. Applicant's argument that He does not disclose an application framework is not 
persuasive because application framework is just software and He discloses that the SSO system 
is implemented using software (Col. 7, lines 4-9). 

2. Applicant's argument that He does not disclose an application framework that logs a user 
with a first level of access in the underlying operating system is not persuasive because the SSO 
allowing the user to log-on to the system meets the limitations of generating an application 
framework sign-on screen, wherein said application framework logs on a user, and entering a 
logon input on said generated application framework sign-on screen, which further meets the 
limitation of said user logged onto said underlying operating system and an application 
environment with said first level of access thereby bypassing said initial sign-on screen of said 
underlying operating system with said single sign-on. The user accessing network elements that 
the user is authorized to access and the database for user authorization and user privilege control 
(Fig. 2). 

3. Applicant's argument that He does not disclose a sign-on screen is not persuasive 
because He discloses a single sign-on that allows a user to log-on by providing user information 
(Col. 2, lines 25-32) through a sign-on screen (Figure 1), which further meets the limitation of 
entering a logon input on said generated application framework sign-on screen. 

4. Applicant's argument that He does not disclose comparing said logon input with an 
application framework security database to determine level of access is not persuasive because 
He discloses that the user identifier and password are checked against the information in the user 
profile of the central security database at the security server (Col. 5, lines 7-11) to determine the 
set of NEs that the user is authorized to access. This access list is based on the privilege of the 
user (Col. 5, lines 15-18). The privilege of the user meets the limitation of the level of access. 

5. Applicant's argument that He does not disclose selecting an indication of said first level 
of access is not persuasive because the selection of the authorized NEs for the specific users are 
an indication of the user level of access. 

6. Applicant's argument that He does not disclose selecting an indication of a second level 
of access is not persuasive because He discloses that if a user log-on gives the user "super user" 
access rights then the user is provided with more privileges to perform administrative functions 
in a network element (Col. 8, lines 51-54). 

7. Applicant's argument that He does not disclose if said logon input is not entitled to a 
second level of access according to said application framework security database, then said user 
is logged onto an application environment and said underlying operating system as said first 
level of access is not persuasive because He discloses that the user privilege level determines the 
access rights that the user has and what network elements the user can access (Col. 5, lines 41- 
45). Unless the user is granted additional access rights (Col. 5, lines 45-48 & Col. 8, lines 40-65), 
the user can only access the network elements designated to that user as being authorized for 
their use, and attempted accesses of unauthorized network elements will be rejected and logged 
(Col. 5, lines 49-58), which further meets the limitation of if said logon input is not entitled to a 
second level of access according to said application framework security database, then an 
indication of said second level of access will not be generated to said user, wherein said user is 
restricted to said first level of access. 

8. Applicant's argument that He does not disclose the user does not disclose executing a 
switch user program to switch said user to said second level of access is not persuasive because 
He discloses that if a user log-on gives the user "super user" access rights then the user is 
provided with more privileges to perform administrative functions in a network element (Col. 8, 
lines 51-54), which further meets the limitations of if said underlying operating system security 
database verifies said user with access to said second level of access, then said switch user 
program switches said user to said second level of access, if said underlying operating system 
security database does not verify said user with access to said second level of access, then the 
method further comprises the step of requesting from said user a logon identification, and 
comparing said logon identification with said underlying operating system security database 

9. Applicant's argument that He does not disclose said application framework security 
database stores system operator information, wherein said application framework security 
database defines at least one of the following: users, passwords, groups of users and application 
specific authorization is not persuasive because He discloses that the central security database at 
the security server stores profile information for the users (Col. 5, lines 8-10). 

10. Applicant's argument that He does not disclose said switch user program switches said 
user to said second level of access by modifying an underlying operating system's registry is not 
persuasive because He discloses that the user records, stored in registry (Col. 15, lines 52-53), 
are modified to give the user more access rights (Col. 5, lines 41-48). 

11. Applicant's argument that He does not disclose if said logon input is entitled to a second 
level of access according to said application framework security database, then the method 
further comprises the step of: generating an indication of said second level of access is not 
persuasive because He discloses that the SSO contains an indication digit for regular users and 
for super users (Col. 10, line 58 - Col 11, line 10). 

12. Applicant's argument that He does not disclose transferring said logon input to said 
underlying operating system for verification He discloses that the user attempts to log-on the 
information entered by the user is checked against the information in the user profile of the 
central security database at the security server and assures that the user accesses the correct 
network elements based on the user privilege (Col. 5, lines 8-15). 

13. Applicant's argument with respect to the 112 rejections of claims 9, 14, 21, 27, 36, 41, 
48, 54, 63, 68, 75, 81 is not persuasive because the scope of the claimed subject matter cannot be 
determined by one having ordinary skill in the art because the language is indefinite. The claims 
are requiring "logging off said user with first level of access, wherein said underlying operating 
system logs on said user with said second level of access", which render the claims vague and 
indefinite because they appear to require two different users; one with a first level of access and 
one with a second level of access. The specification and the previous claims from which the 
above mentioned claims depend claim switching user level of access "to" a different level, where 
this limitation requires switching "users with" a level of access to a user with another level of 
access, which renders the claim vague and indefinite because the scope of the claim cannot be 
determined by the specification or the claims. 

14. Applicant's arguments, with respect to 112 rejections claims 22, 49, 76 have been fully 
considered and are persuasive. The 112 rejections of claims 22, 49, 76 have been withdrawn. 

Claim Rejections - 35 USC § 112 

15. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

16. Claims 9, 14, 21, 27, 36, 41, 48, 54, 63, 68, 75, 81 are rejected under 35 U.S.C. 112, 
second paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

17. Claims 9, 14, 21, 27, 36, 41, 48, 54, 63, 68, 75, 81 recite the limitation "logging off said 
user with first level of access, wherein said underlying operating system logs on said user with 
said second level of access" which renders the claim indefinite because it is unclear which level 
of access the user possesses. 

Claim Rejections - 35 USC §102 

18. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

19. Claims 1-8, 10-13, 15-20, 22, 23, 28-35, 37-40, 42-47, 49, 50, 55-62, 64-67, 69-74, 76, 
77, are rejected under 35 U.S.C. 102(e) as being anticipated by He, U.S. Patent No. 5,944,824. 
Referring to claims 1, 7, 28, 33, 55, 60, He discloses a system for single sign-on to a plurality of 
network elements wherein users are allowed to log-on only once at a user station and a Security 
Server will automatically log the user on to all the network elements that the user is authorized to 
access (Col. 2, lines 25-32). The architecture and method for the Single Sign-on system ("SSO") 
meets the limitation of providing an application framework. The SSO allowing the user to log- 
on to the system meets the limitations of generating an application framework sign-on screen, 
wherein said application framework logs on a user, and entering a logon input on said generated 
application framework sign-on screen. The user accessing network elements that the user is 
authorized to access and the database for user authorization and user privilege control (Fig. 2) 
meet the limitation of user log-on with a first level of access in said underlying operating system. 
When the user attempts to log-on the information entered by the user is checked against the 
information in the user profile of the central security database at the security server and assures 
that the user accesses the correct network elements based on the user privilege (Col. 5, lines 8- 
15), which meets the limitation of comparing said logon input with an application framework 
security database to determine level of access. The SSO system is incorporated with the security 
server (Figs. 1 & 2), which meets the limitation of a processor, a memory unit operable for 
storing a computer program operable for bypassing an initial sign-on screen of an underlying 
operating system with a single sign capability, an input mechanism, an output mechanism, and a 
bus system coupling the processor to the memory unit, input mechanism, and output mechanism. 

Referring to claims 2, 3, 18, 29, 30, 45, 56, 57, 72, He discloses that the user attempts to 
log-on the information entered by the user is checked against the information in the user profile 
of the central security database at the security server and assures that the user accesses the 
correct network elements based on the user privilege (Col. 5, lines 8-15), which meets the 
limitations of selecting an indication of said first level of access, the user is logged onto said 
underlying operating system and an application environment with said first level of access 
thereby bypassing said initial sign-on screen of said underlying operating system with said single 
sign-on. 

Referring to claims 4, 10, 16, 24, 31, 37, 43, 51, 58, 64, 70, 78, He discloses that the user 
privilege level determines the access rights that the user has and what network elements the user 
can access (Col. 5, lines 41-45). Unless the user is granted additional access rights (Col. 5, lines 
45-48 & Col. 8, lines 40-65), the user can only access the network elements designated to that 
user as being authorized for their use, and attempted accesses of unauthorized network elements 
will be rejected and logged (Col. 5, lines 49-58), which meets the limitation of if said logon input 
is not entitled to a second level of access according to said application framework security 
database, then said user is logged onto an application environment and said underlying operating 
system as said first level of access. 

Referring to claim 5, 23, 32, 50, 59, 77, He discloses that the user log-on information is a 
user ID and password (Col. 2, lines 60-61). 

Referring to claim 6, 17, 19, 22, 25, 34, 44, 46, 49, 52, 61, 71, 73, 76, 79, He discloses 
that if a user log-on gives the user "super user" access rights then the user is provided with more 
privileges to perform administrative functions in a network element (Col. 8, lines 51-54), which 
meets the limitation of executing a switch user program to switch said user to said second level 
of access. 

Referring to claims 8, 13, 20, 26, 35, 40, 47, 53, 62, 67, 74, 80, He discloses that the user 
records, stored in registry (Col. 15, lines 52-53), are modified to give the user more access rights 
(Col. 5, lines 41-48), which meets the limitation of a user switching program switches said user 
to said second level of access by modifying an underlying operating system's registry. 

Referring to claims 11, 12, 15, 38, 39, 42, 65, 66, 69, He discloses that the SSO contains an 
indication digit for regular users and for super users (Col. 10, line 58 - Col. 11, line 10), which 
meets the limitation of if said logon input is entitled to a second level of access according to said 
application framework security database, then the method further comprises the step of 
generating an indication of said second level of access, executing a switch user program to 
switch level of access to said second level of access by selecting said indication of said second 
level of access. 

Conclusion 

20. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

21. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin E. Lanier whose telephone number is 571-272-3805. 
The examiner can normally be reached on M-Th 7:30am-5:00pm, F 7:30am-4pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Benjamin E. Lanier 




GILBERTO BARRON J(L. 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



